Gootloader infection cleaned up

Dear blog owner and visitors,

This blog had been infected to serve up Gootloader malware to Google search victims, via a common tactic known as SEO (Search Engine Optimization) poisioning. Your blog was serving up 291 malicious pages. Your blogged served up malware to 0 visitors.

I tried my best to clean up the infection, but I would do the following:

  • Upgrade WordPress to the latest version (one way the attackers might have gained access to your server)
  • Upgrade all WordPress themes to the latest versions (another way the attackers might have gained access to your server)
  • Upgrade all WordPress plugins (another way the attackers might have gained access to your server), and remove any unnecessary plugins.
  • Verify all users are valid (in case the attackers left a backup account, to get back in)
  • Change all passwords (for WordPress accounts, FTP, SSH, database, etc.) and keys. This is probably how the attackers got in, as they are known to brute force weak passwords
  • Run antivirus scans on your server
  • Block these IPs (5.8.18.7 and 89.238.176.151), either in your firewall, .htaccess file, or in your /etc/hosts file, as these are the attackers command and control servers, which send malicious commands for your blog to execute
  • Check cronjobs (both server and WordPress), aka scheduled tasks. This is a common method that an attacker will use to get back in. If you are not sure, what this is, Google it
  • Consider wiping the server completly, as you do not know how deep the infection is. If you decide not to, I recommend installing some security plugins for WordPress, to try and scan for any remaining malicious files. Integrity Checker, WordPress Core Integrity Checker, Sucuri Security,
    and Wordfence Security, all do some level of detection, but not 100% guaranteed
  • Go through the process for Google to recrawl your site, to remove the malcious links (to see what malicious pages there were, Go to Google and search site:your_site.com agreement)
  • Check subdomains, to see if they were infected as well
  • Check file permissions

Gootloader (previously Gootkit) malware has been around since 2014, and is used to initally infect a system, and then sell that access off to other attackers, who then usually deploy additional malware, to include ransomware and banking trojans. By cleaning up your blog, it will make a dent in how they infect victims. PLEASE try to keep it up-to-date and secure, so this does not happen again.

Sincerly,

The Internet Janitor

Below are some links to research/further explaination on Gootloader:

https://news.sophos.com/en-us/2021/03/01/gootloader-expands-its-payload-delivery-options/

https://news.sophos.com/en-us/2021/08/12/gootloaders-mothership-controls-malicious-content/

https://www.richinfante.com/2020/04/12/reverse-engineering-dolly-wordpress-malware

https://blog.sucuri.net/2018/12/clever-seo-spam-injection.html

This message

CAST LIST!

Congratulations to all of those who received parts in Firefly Between the Lines. The turnout was amazing and we were impressed by the talent we heard. If you’re on this list you’ll be receiving an email in the next couple days.

Below is the cast list, organized alphabetically by first name.

Name —  Role

Andrew Ball – Déshí Jin
Bing – Inara
Brian Brown – Jayne
Clay Robeson – Jed
Dan Putnam – Mal
Jancis – Cade
Kiba – Kaylee
Larissa – Cora
Lindsay Zana – Nandi
Mandy K  –  Zoe
Michal – Saskia
Murray – Nigel
Rish Outfield – Badger
Robert Naquin – Wash

General CastWill be assigned a part later

Alan Gordon
Aleska Archer
Amanda Bronson
Andrew Rood
Andy K
Arlo
Christine P
Claudia Wair
Clinton
Dan Kroon
David Robins
Doug Manning
Edward Gore
Faith
Frank Ramblings
Garrick Moritz
Heidi Jenkins
James Schmidt
Jarrett Kaufman
Jen M
Jon Johnson
katsafras
Kinsey
Lisa T
Mark Smith
Mat Weller
Melissa
Michelle Turner
Mike Bailey
Naomi
Nekosensei
R.E Chambliss
Rev-Samurai
Robin Burge
Robin Hudson
Sarah Robertson
Scott P
Serge
Siobhan
Steven
Susie the Geek
Thea
Thom Bowers
Tim in Houston
Valina
Volo

Auditions CLOSED!

Thank you all for your participation! You should have received (or will soon receive) an email confirming receipt of your audition/application.

Please email:betweenthelinesauditions@gmail.com if you have any additional questions. The cast list will be released by the end of January.

NO ADDITIONAL SUBMISSIONS WILL BE ACCEPTED AT THIS POINT!

Auditions Closing soon!

Click here to start your auditions.

Auditions will close 12/18/10 so make sure you get them in ASAP! Don’t miss your chance to be part of the cast/crew of Firefly Between the Lines!

Auditions are Now Open!

Welcome to Firefly Between the Lines open casting call!

Click here to start your auditions.

Please note that there’s a lot of reading involved. Do not get overwhelmed, we promise it’s pretty straightforward. Please read all instructions before starting your application process.

We hope to have you all join our shiny crew and see Serenity fly again!
Much Love,
Kim & Tabz (Executive Producers)

FBtLAuditions1 – Speak ‘the Verse

Promo for Firefly Between the Lines auditions opening tomorrow!

Voiced by Brian Brown
Written by Kevin Cummings
Edited by Scott W.

Auditions Coming Soon!

Audio auditions for Firefly Between the Lines (FBtL), will open December 1st, 2010 and end 11AM EST on December 18th, 2010.

Check back then for more details.

female viagra